Slashdot Mirror
On The Privacy Subtleties Of GMail, Other Webmail
Brad Templeton writes "After talking with Google folks and learning about E-mail privacy law from EFF (join!) lawyers, I have written a new essay on the privacy subtleties of GMail and other advanced webmail applications. Some of the fear has been overdone, but there are surprising issues due to the fact that the ECPA, written almost 20 years ago, wasn't prepared for fancy e-mail offerings like GMail. I issue a call for Google to encrypt your mail to avoid these issues."
This article goes right to the heart of my query. Rather, the existence of this article does so. Is a geek one who revels in technology and the pursuit of coolness in new technology? Or is a geek someone who is wrapped up in figuring out how technology will be used inherently for evil purposes?
I like to think of geeks as the happy lot who wander the streets of Akihabara mesmerized by all the glitz and blinkenlights of the latest and greatest devices.
The article demonstrates a new strain of geeks which seems to revel in stymieng the technological process by handicapping it at every turn.
I imagine that any geek can encompass both forms, but I have a feeling that lately it is the boys who cry wolf that are taking over geekdom.
I have been pwned because my
This is pretty rediculous if you ask me. People in America give away their privacy rights all the time, without any worry. Most of the YRO stories on slashdot are just about that. But when a half respectable company like google decides to provide a free service, which you aren't obligated to use people go crazy.
I don't understand it. If you can't handle an automated script putting some ads in your emails from a simple world relation algorithm, maybe you should just, not use it?
Nobody raised this size of a ruckus over Orkut's similar cookie features, especially considering they hold a far larger quantity of personal information than GMail ever will.
--
The last digit of pi is four.
Why do people always call out, "Just don't use it!" If the minority who saw the truth just ignored the majority product throughout history, we'd be fucked. The minority fighting for change has vastly improved the world on a regular basis.
Also, Google isn't the government. Read what you are replying to.
In other words, no more than they know if you click on a Google sponsored link right now.
So, umm, in that case, don't sign up for a free trial of Out if you don't want one? *shrug*
Honestly, MSN, Yahoo & co. can do all of this right now, should they desire, and they have very little incentive to tell us about it. Well, maybe in the UK it might be illegal, but if they exclude all people who are from it from the policy and never tell anyone... (as if that were meaningful considering how many fill in utterly false info there...)
Hell, look at this current snip from the MSN Privacy Policy, which governs Hotmail:
Where was this fuss over these terms? I at least trust Google more than MSN...
Why call Google to encrypt your mail? If you are that concerned, you could go ahead and encrypt it yourself.
And if you are not bothered to do it on your own, or are not concerned enough about security, then you have no business complaining about Google.
Like the parent poster said, if you do not like Gmail, do not use it. What did you expect? Somebody off the street to come and give you an e-mail account with the coolest features for free with almost nothing from your side? Well guess what, in real life there is no such thing as free lunch.
And as for the "masses" out there, there's probably way more information floating around in the form of spyware and the like that gather data, than through something like Gmail.
This is the problem if you are the biggest guy around - everyone finds some reason or the other to pick on you.
He is right about the freak-out factor, but then for all you know, its probably a ploy from competitors to put Google at a disadvantage (you never know!).
And besides, if you are that concerned about secure information, plain e-mail is akin to sending confidential information on a postcard.
If you want confidentiality, encrypt your stuff. Why should Google do it for you? If you are that concerned, go ahead and do it yourself.
Encryption is a serious resource overhead - and encrypting for a very large number of people/subscribers (which Google will most certainly have) for very large amounts of data (which again, Google does and will have) is going to be a serious drain of resources.
And it is true - now even for the simplest things, Google is getting picked on. Despite the fact that they are perhaps the most benign (yet) of all the corporates out there. I guess people need someone to rant about. And sugarcoat it all with, "I love Google, but..."
Tackiness aside, though, if there are privacy problems, they need to be addressed. Yes, I know that Gmail is the ultimate in "opt-in." Don't like it, don't use it. This should make privacy concerns a moot point: interesting to debate, but nothing to fume about.
But google is a huge service. If Gmail is launched, people will flock to it in droves. Not just geeks, but ordinary people who have no idea how much of their private lives are lived "in plaintext." The privacy of many, many people, even those who do not use Gmail, is at stake.
Imagine, for example, a phone company that halves your rates in exchange for being allowed to sell transcripts of your phone conversations. Don't like it, don't use it -- but what about my rights to privacy when I call you? The simple answer ("don't call people with NoPrivacyPhone") is no solution at all.
Protect your liberties. Donate to the ACLU
Personally I don't have issues with Gmail... in fact I'm looking forward to getting an account.
However, if one is really concerned with privacy, I have to say that the "don't use it" argument dosn't really cut it. While one may not use Gmail directly, invariably one will need to send mails to people with Gmail accounts some time or the other, and the contents of the those mails will end up in Gmail servers.
One might argue that email is inherently public anyway, so sending mail to Gmail address is no different from sending mail to any other email address. (anyone with a packet sniffer in the correct place can peek into the contents of your mail). Well, sure... okay.
But don't keep repeating the cliched "don't use it" credo. It isn't really as simple as that.
Such a mild invasion of privacy is the price you pay for free email with massive storage. To those who balk at the terms: how much would you shell out for a "secure" GMail?
I've been using Gmail and I find it incredibly useful. My favs:
1. The keyboard shortcuts: allows me to use web based email the way I use Pine.. do everything without touching the mouse even once.
2. The tracking of emails to display them as "conversations".. so neat, it looks almost obvious.
3. The much griped about text ads are totally unobtrusive, and (faint, faint) they do not even appear on all email pages. Google probably has some algorithm to decide which conversations can get targeted ads.
4. The address autocomplete - no more clicking on email addresses in a popup window to insert them. It works exactly like a proper client application (as different from a browser app)
5. To reply to an email, all I have to do is click in a textbox below the email and presto! the compose widgets are there.. great time saver.. and you can see the conversation on top.
and the best part..
6. The interface is so clean and clutter free - it has google written all over it!
"When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
I do not see any privicy issues if a program reads my email in a single pass and add ads as soon as it does not store the data, does not integrate and post-analyze the data, does not use the data for profiling, etc. Plus, you do not have to use gmail at all. However, if gmail raises privicy issues then what about anti-spam programs that read and analyze your email whether you want or not? Morever you do not even know if there is an anti-spam program when you send your email to foo@bar.net. Then what about censorship issues with anti-spam programs? If someone sends an offer for viagra to president@whitehouse.gov, and an anti-spam program stops it, is it an instance of anti-Consitutional censorship? I do not say that anti-Spam progams are evil but rather just making a point about to harsh fear of the beast that was not even born yet (officially).
If enithin kan gow rong it whil. (Murfey)
I know others have said it, but really, if people don't like it they don't have to use it. Nobody is being forced in the least. There are plenty of other free email providers. The big comeback to that so far has been, "but what if I have to send an email to someone on GMail". You can't pick the phone service provider for a person you call, just like you can't pick a person's email provider for them. If you are that paranoid and whatever you are sending needs to be soooo private, then I doubt you'll want to be sending to a free email address of any kind anyway. I swear, some people just bitch to hear themsevles bitch.
The anti-spam and anti-virus scripts already parse all of your mail. This is simply a different bit of parsing.
Also Google can and most likely will, due to the outcry as well as their own code of ethics, limit how much an advertiser can infer from what ad you clicked.
Ideally, it would be no more than anyone gives away by clicking ads in the search results (and I note that you need never click these ads if you don't want to...). This is something no one had a problem with before, after all, however much it told them about your searches (and we all should know by now that every single worthwhile log parsing scripts pulls out the keywords people visit your site via... right?).
Honestly, I'm more worried about the warrantless search provisions and such this could fall prey to. Even so, I trust Google far more than the other services which are undoubtably now copying them for this.
Honestly, I'd almost like them to patent a few provisions of this (provided the patent was narrow enough) and simply keep others from copying Google and doing the whole service badly, in a way that would be horrible from a privacy standpoint...
If you don't trust Google to keep your email private, why should you trust them to encrypt your email without using an escrow key or some equivalent?
Current use of encryption for email is terribly low: I remember when Whitfield Diffie was asked at a Computers, Freedom and Privacy Conference a few years back how many emails sent to him were encrypted. Because you'd expect him to be way up at the top of the list of people who get encrypted email... under 10% was his reply. Oh, and Zimmerman was also in the audience... same answer.